mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-04-20 13:24:01 +02:00

Merge pull request #500 from tarishard/master

Added information on 307 and 308 redirects
Swissky 2022-05-19 12:29:02 +02:00 committed by GitHub
commit 12ee527763
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23


@ -255,6 +255,7 @@ http://127.1.1.1:80#\@127.2.2.2:80/
1. Create a page on a whitelisted host that redirects requests to the SSRF the target URL (e.g. 192.168.0.1)
2. Launch the SSRF pointing to vulnerable.com/index.php?url=http://YOUR_SERVER_IP
vulnerable.com will fetch YOUR_SERVER_IP which will redirect to 192.168.0.1
3. You can use response codes [307](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307) and [308](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/308) in order to retain HTTP method and body after the redirection.
```
### Bypassing using type=url
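Review bot: the new item 3 is placed inside the fenced block that closes on the following line, so the two Markdown links will not render and readers will see the literal `[307](https://developer.mozilla.org/...)` syntax. It also reads as a remark on the redirect in steps 1 and 2 rather than a third step in the sequence. Suggest moving it below the closing fence as a normal sentence so the MDN links work, or keeping it in the block with plain "307" and "308" and no link syntax. A short clause on why this matters (which requests need the method and body kept across the redirect) would make the line self-explanatory.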